From Lure to Breach: 3 Phishing Tactics to Watch

In our previous post, The ABC’s of Ishing, we broke down the foundational tactics used by cybercriminals to deceive users and gain unauthorized access. This follow-up report expands on that foundation by exploring three evolving phishing threats that go beyond traditional email lures.

Angler Phishing, Calendar Phishing, and Captcha Phishing each exploit trust in everyday digital tools—social media platforms, calendar invites, and CAPTCHA challenges. According to Bitsight Threat Research, these methods are growing in both sophistication and frequency, placing organizations at increased risk.

1. Angler Phishing (Social Media Phishing)

Executive summary

Angler Phishing involves fraudsters creating fake customer support profiles on platforms like Facebook, Instagram, and Twitter. They closely mimic legitimate accounts, responding to user inquiries—especially from frustrated customers—to steal credentials or deliver malware.

Real‑world example

An attack campaign impersonated a major online payment provider’s X (formerly Twitter) support account. Fraudsters monitored posts tagging the real support handle. When users reached out, these fake accounts replied with branded login links. After clicking, victims were redirected to a convincing login prompt that captured their credentials. 

Impact

These attacks lead to account takeovers, data theft, reputational harm, and potential business disruption.

Strategic Recommendations

• Train employees to verify support accounts before sharing information.
   
• Enable MFA on all social media and business accounts.
   
• Monitor social platforms for impersonator accounts using specialized tools.
   
• Maintain a ready incident response plan for account compromises.

Report fake accounts promptly to social media platforms. According to Bitsight Threat Research, increased phishing chatter on social media often precedes broader targeting campaigns.

2. Calendar Phishing

Executive summary

Calendar Phishing exploits platforms like Google Calendar, embedding malicious links into invites to bypass email filters and deceive users into clicking without scrutiny.

Real‑world example

According to Bitsight Threat Intelligence, over a period of four weeks more than 4,000 spoofed invites hit approximately 300 organizations. These invites appeared as legitimate meeting requests, often redirecting users to phishing pages disguised as Google Forms or Drawings. A media advisory also flagged similar campaigns using misleading diary entries to lure users. 

Impact

This method enables credential harvesting, malware deployment, and unauthorized access to corporate systems.

Strategic Recommendations

• Educate users not to trust unsolicited calendar invites.
   
• Enable the “Only if sender is known” setting in Google Calendar.
   
• Keep email defenses and spam filters up to date.
   
• Monitor invite patterns for unusual domains or sender behavior.
   
• According to Bitsight Threat Research, rapid spikes in spoofed invites often signal active phishing campaigns targeting specific industries.

3. Captcha Phishing (Fake CAPTCHA)

Executive summary

Captcha Phishing involves tricking users into executing malicious commands under the guise of a CAPTCHA challenge. These fake CAPTCHAs can exploit human trust in verification processes for malware delivery.

Real‑world example

Fake CAPTCHAs have been embedded into seemingly harmless websites or ads. Clicking “I’m not a robot” tricks users into copying a command which they then paste and run via the Windows Run dialog box—installing malware like Lumma Stealer. 

Notable malware

Lumma Stealer has been linked to these tactics. It steals data from browsers and crypto wallets, using CAPTCHA-triggered execution to gain access and evade detection. 

Impact

This attack circumvents standard security checks, resulting in data breaches, malware infiltration, and system compromise.

Strategic Recommendations

• Train users to recognize suspicious CAPTCHA prompts, especially those requesting system commands.
   
• Implement robust endpoint protection that catches malicious activity at the browser level.
   
• Disable or restrict Run dialog and command-line interfaces as a precaution.
   
• Maintain multi-layered security and incident readiness. According to Bitsight Threat Research, such deceptive tactics are gaining traction and require proactive defense strategies.

Conclusion

Angler Phishing, Calendar Phishing, and Captcha Phishing each exploit common user behaviors and digital tools. According to Bitsight Threat Research, the convergence of human trust with modern phishing techniques makes these methods both effective and difficult to detect. Senior leadership should invest in awareness, automation, layered security, and rapid response to stay ahead of these evolving cyber threats. Learn more about how Bitsight Cyber Threat Intelligence can help.